<?php
/**
 * Csrf Protection pluginAuthorization plugin, meant to be plugged in the Zend MVC dispatching loop.
 *
 * @see Application_Resource_Acl
 */
class BRail_Application_Controller_Plugin_CsrfProtection extends Zend_Controller_Plugin_Abstract
{
    /**
     * Test if web user/client is allowed to access resource, based on Acl resource
     *
     * @param Zend_Controller_Request_Abstract $request
     * @see Application_Resource_Acl
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if (! $request->isPost()) {
            return;
        }

        $session = new Zend_Session_Namespace('session');

        if (! $request->getParam('authentication_token')
           || $session->authenticationToken !== $request->getParam('authentication_token')) {
            $this->getRequest()->setControllerName('error')->setActionName('session');
        }
    }
}